Hi there, On Tue, 20 Oct 2020, iulian stan via clamav-users wrote:
After a beer things started to look more clear :)
Why didn't I think of that? :)
You were right about something: indeed clamav is looking for something before starting to look after URL but it's actually looking for what should be the start of email headers. In short words is looking for: "From someone".
Oh, bother, I didn't think of that either - and I even do it in my milter, but it's a while since I wrote it. So is this safebrowsing thing only going to work for links in emails? That seems odd, I'd somehow thought it might be useful for people using clamd to scan their HTTP traffic in in real time. A sort of scan-on-access. Not that I'm advocating such a thing, but I've seen it mentioned.
If you read ... carefully ...
That often works better. :)
Long story short, safebrowsing is working ok ...
Fine - but I still think the documentation needs work.
... there are no hits which is quite surprising surprising i can say seeing the magnitude of the database entries and the scam/phishing flowing trough emails now-days.
It certainly seems true that the volume is increasing. Recently I've been seeing thousands just from Hotmail accounts. They're trivial to stop but I'd expect Microsoft to do a lot better at their servers. As for Google's safebrowsing, as I said I don't use it - but given that Hotmail's number one position in the spam charts here was previously occupied by Gmail, I can't say that I plan to spend much time on it. Glad you got it sorted out. :) -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
